Preventing Web Attacks With Apache

Тема в разделе "Литература", создана пользователем kkreati, 8 авг 2007.

Статус темы:
Модераторы: Hilo
  1. kkreati

    kkreati Писатель

    1 авг 2007
    Preventing Web Attacks With Apache
    Author(s:( Ryan C. Barnett
    Publisher: Addison Wesley
    Year: Jan 2006
    ISBN: 0321321286
    Language: English
    File type: CHM
    Pages: 624
    Size (for download:( 6 MB

    Apache can be hacked. As companies have improved perimeter security, hackers have increasingly focused on attacking Apache Web servers and Web applications. Firewalls and SSL won't protect you: you must systematically harden your Web application environment. Preventing Web Attacks with Apache brings together all the information you'll need to do that: step-by-step guidance, hands-on examples, and tested configuration files.

    Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against. Exploits discussed include: buffer overflows, denial of service, attacks on vulnerable scripts and programs, credential sniffing and spoofing, client parameter manipulation, brute force attacks, web defacements, and more.

    Barnett introduces the Center for Internet Security Apache Benchmarks, a set of best-practice Apache security configuration actions and settings he helped to create. He addresses issues related to IT processes and your underlying OS; Apache downloading, installation, and configuration; application hardening; monitoring, and more. He also presents a chapter-length case study using actual Web attack logs and data captured "in the wild."

    For every sysadmin, Web professional, and security specialist responsible for Apache or Web application security.

    With this book, you will learn to:
    - Address the OS-related flaws most likely to compromise Web server security
    - Perform security-related tasks needed to safely download, configure, and install Apache
    - Lock down your Apache httpd.conf file and install essential Apache security modules
    - Test security with the CIS Apache Benchmark Scoring Tool
    - Use the WASC Web Security Threat Classification to identify and mitigate application threats
    - Test Apache mitigation settings against the Buggy Bank Web application
    - Analyze an Open Web Proxy Honeypot to gather crucial intelligence about attackers
    - Master advanced techniques for detecting and preventing intrusions

    Chapter 01 - Web Insecurity Contributing Factors
    Chapter 02 - CIS Apache Benchmark
    Chapter 03 - Downloading and Installing Apache
    Chapter 04 - Configuring the httpd.conf File
    Chapter 05 - Essential Security Modules for Apache
    Chapter 06 - Using the Center for Internet Security Apache Benchmark Scoring Tool
    Chapter 07 - Mitigating the WASC Web Security Threat Classification with Apache
    Chapter 08 - Protecting a Flawed Web Application: Buggy Bank
    Chapter 09 - Prevention and Countermeasures
    Chapter 10 - Open Web Proxy Honeypot
    Chapter 11 - Putting It All Together
    Appendix A - Web Application Security Consortium Glossary
    Appendix B - Apache Module Listing
    Appendix C - Example httpd.conf File


Статус темы: